Monday, July 3, 2017

I can without a doubt confirm that the most hijacked and hacked accounts worldwide belong to Facebook. I have been asked myself to recover more than 15 accounts belonging to my friends or mutual friends. I don't succeed most of the time.

For example, my best friend's girlfriend had her account hijacked 1 month ago. The girl noticed the change one month later. I was asked to remedy the situation. I had trouble even locating her account, and when I did, nothing could recover it. The hijackers had set up trusted friends, a new email, a new phone, new photos and even a new name.

Recently, my friend's account was hijacked and I was asked to recover it. It was an immensely important account used to conduct business and had chats that were supposed to be confidential, so I wasn't taking it lightly.

The password had obviously been changed, the email address (Hotmail) hijacked, and two-step authentication set up on it (confirmed from Hotmail's account recovery process). So, recovering the account was pretty much a dead end, confirmed by Facebook's horrid message:

So, I was really stuck. At this point, there was no direct way to contact Facebook regarding hacked accounts. You can contact them directly for impersonation or copyright issues, but not for hacked accounts.

After that, I asked the victim to find any web browser where he had logged in to Facebook in the past (with the old password). The screenshot he sent:

After he pressed "click here", he indicated that the Facebook account had been compromised. Next photo:

After the victim clicked on "Secure My Account", he was taken to this page. The victim's Hotmail account was compromised, so he clicked on "No longer have access to these?":

Surprisingly, he was taken to this annoying and useless page, where the victim clicked on "I cannot access my email account":

Then, Facebook asked for a new email address:

At this stage, an email address that I operate was provided, and the page below was shown. However, this page is not accessible to everyone. Its URL is https://www.facebook.com/help/contact/278918555806469/ but it apparently will not be enabled for anyone unless they have gone through the recovery process (from a browser that they have logged in on in the past):

After the ID was provided, Facebook Support sent me an email directly, since the victim had set up an email of mine as the contact email for the resolution of the issue:

Since the victim had uploaded his ID, I briefly described the issue to Facebook:

One day later, the account was recoverable. Win:

But we were not done yet; I had to reverse the damage. First, I had to invalidate the old email and add another email for the victim. At this point, I set up an email for him on my domain name and added it to his Facebook. The email had two-step authentication configured on it as well as a complex password, and no matter what, I can recover it:

The email was confirmed:

Then, the account was logged out of all the devices:

Added phone numbers, emails and apps were all removed:

Recent activity was also checked for any malicious posts that had been added:

That's it. The account was recovered and two-step authentication is now activated, a step the victim didn't know existed in the first place.